Date: Thu, 1 Aug 2002 10:44:38 +0000
From: Philip Reynolds
To: freebsd-ipfw@freebsd.org
Subject: Re: ruleset q-n
Message-ID: <20020801104438.A28257@rfc-networks.ie>
Reply-To: philip.reynolds@rfc-networks.ie
References: <015c01c238dd$a8bc8450$0100a8c0@ilya>
In-Reply-To: <015c01c238dd$a8bc8450$0100a8c0@ilya>; from mail@krel.org on Wed, Jul 31, 2002 at 05:59:55PM -0400
X-Operating-System: FreeBSD 4.6-RC
X-URL: http://www.rfc-networks.ie

Ilya 41 lines of wisdom included:

> I have a problem with smtp traffic. In my ipfw.log I see a lot of 65534 denied packets, either from foreign_ip port 25 or to my internet_ip port 25, even though all emails seem to go through.
> Here is my ruleset:
>
>
> I had the same problem with DNS and solved it by specifically allowing DNS traffic in all directions, but I don't think that's the right way.
> Why would smtp traffic hit the last deny rule at all?
> For example, this is an entry from the log:
> Jul 31 17:52:57 mybox ipfw: 65534 Deny TCP 216.136.204.119:20028 $internet_ip:25 in via ed0
> but the email did come through. It almost looks like the connection is closed, and then mx2.FreeBSD.org tries to connect to port 25 again.
> Why wouldn't it be able to do so? Why didn't this packet hit rule 500, and instead hit 65534?

I don't have the time to look at your problem in-depth at the moment, but perhaps look at the following:

http://resources.rfc-networks.ie/freebsd/ipfw_nat_stateful.phtml

as you seem to be using NAT and stateful firewalling. After coming across problems with NAT and stateful firewalling, the above solution worked for me.

If you're still having problems after completing the instructions (there aren't many I know, but I'm just starting it), paste the output of ipfw -d list during the connections, and more verbose logs; an analysis of the traffic would be nice as well (see tcpdump(1)).

-- 
Philip Reynolds                       | Technical Director
philip.reynolds@rfc-networks.ie       | RFC Networks Ltd.
http://www.rfc-networks.ie            | +353 (0)1 8832063
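As an added example, not part of the original thread or of the page linked in the reply, here is a small POSIX shell/awk helper that does the log triage the reply asks for: it reads ipfw syslog lines in the format quoted above and summarizes the Deny entries by rule number, protocol, destination port and direction, so it is easy to see which traffic is falling through to the default rule 65534 instead of matching an earlier allow or check-state rule. The log lines embedded in it are constructed for the example and use documentation address ranges; the function names are my own, not an ipfw or FreeBSD interface.

```shell
#!/bin/sh
# Added example: summarize ipfw "Deny" log lines by (rule, proto, dst port, direction).
# The sample log below is constructed in the layout quoted in the thread:
#   "Jul 31 17:52:57 mybox ipfw: 65534 Deny TCP src:port dst:port in via ed0"
# Addresses come from the 192.0.2.0/24, 198.51.100.0/24 and 203.0.113.0/24
# documentation ranges; they are not real hosts.
SAMPLE_LOG='Jul 31 17:52:57 mybox ipfw: 65534 Deny TCP 192.0.2.10:20028 203.0.113.5:25 in via ed0
Jul 31 17:52:58 mybox ipfw: 65534 Deny TCP 192.0.2.10:20029 203.0.113.5:25 in via ed0
Jul 31 17:53:01 mybox ipfw: 500 Accept TCP 192.0.2.11:4000 203.0.113.5:25 in via ed0
Jul 31 17:53:03 mybox ipfw: 65534 Deny UDP 198.51.100.7:53 203.0.113.5:1234 in via ed0
Jul 31 17:53:05 mybox ipfw: 65534 Deny TCP 203.0.113.5:25 192.0.2.12:33000 out via ed0'

# summarize_denies: read ipfw log lines on stdin and print one line per
# "rule proto dport=N direction" key with its count, most frequent first.
# A high count for the default rule on a port you believe is allowed points
# at packets arriving without a matching dynamic state (e.g. after NAT).
summarize_denies() {
    awk '
        # Fields after the syslog prefix: $5 "ipfw:" $6 rule $7 action $8 proto
        # $9 src:port $10 dst:port $11 direction $12 "via" $13 interface
        $5 == "ipfw:" && $7 == "Deny" {
            rule = $6; proto = $8; dst = $10; dir = $11
            n = split(dst, parts, ":"); port = parts[n]
            key = rule " " proto " dport=" port " " dir
            count[key]++
        }
        END { for (k in count) print count[k], k }
    ' | sort -rn
}

# count_denies_to_port PORT: number of Deny lines on stdin whose destination
# port is PORT (e.g. 25 for inbound SMTP that should have matched an allow rule).
count_denies_to_port() {
    awk -v p="$1" '
        $5 == "ipfw:" && $7 == "Deny" {
            n = split($10, parts, ":")
            if (parts[n] == p) c++
        }
        END { print c + 0 }
    '
}

# Run against the constructed sample when executed directly.
printf '%s\n' "$SAMPLE_LOG" | summarize_denies
```

To use it on a real machine, pipe the ipfw lines from wherever your syslog.conf sends the security facility into `summarize_denies`, and compare the top entries with `ipfw -d list` taken while the connection is in progress: a Deny on the default rule for a port that a stateful allow rule covers means the packet arrived with no dynamic rule matching it.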